Powershell Newbie Question

I have a script that's searching Active Directory for all users with a specific email domain, then the script is moving all the users to a specific OU. 

Example:

User1@domain1.com

user2@domain2.com

User3@domain3.com

I need to move user1@domain1.com from its current OU to a new OU called domain1. 

I have a text file with the list of OUs but it's not the DN or CN. I have another text file with OUs that should be excluded. 

Sample Script below:

                                 

$outputfilelocation = "c:\temp\output.txt"

Try {
    $QuestSnapInLoaded = $true
    Add-PSSnapin Quest.Activeroles.ADManagement -EA stop -ErrorVariable err
}
Catch {
    Write-Warning " Quest PS Snapin failed to load. Please download and install Quest snapin"
    $err | Out-File $OutputFileLocation -Append
    $QuestSnapInLoaded = $false
}

$ous = get-content c:\temp\ou.txt

foreach ($ou in $ous) {
    if ((get-content c:\temp\excludeou.txt) -eq $ou) {
        write-host "OU is on exclude OU list"
        pause
    }
    else {
        $oupath = Get-QADObject -type organizationalunit | Where-Object {$_.name -like "$ou"} | select CanonicalName
        $users = Get-QADUser | where-object {$_.email -like "*@$ou.com"}
        foreach ($user in $users) {
            Move-QADObject -id $user -NewParentContainer "$oupath"
        }
    }
}

When I run the script, I get the following error message. 

Move-QADObject : Cannot resolve directory object for the given identity: '@{CanonicalName=domain.com/domain}'.

I'm not sure how to extract only "domain.com/domain" from the CanonicalName prior to passing the variable to move-object. Any help provided will be greatly appreciated. Thanks in advance.




April 17th, 2014 11:49pm

Hi - "PowerShell Newbie question" is not a question. A topic, if it is a question type of topic, needs to be a question. It is how people find things and how we are able to understand what the topic is about.

If this is a question it is hard to see what it is.  You discuss many things but it all seems to come down to having an error.

You are passing a user object to a CmdLet that wants to have an identity.

Your description and script are very hard to follow. I suggest starting by spending some time learning how to use PowerShell. Take your task one step at a time. Test the outcome of each step and be sure you understand what it does. Once you learn the basics of PowerShell then look at examples of Quest scripts and try to understand how they work. You will also need to learn what Active Directory is. What is an identity and what is a name or canonical name.

Most of what I see has been copied from somewhere where the writers are clearly not skilled with scripting so you may have picked up bad information.

Here is a starter to get things back on a usable path:

Start with this until you understand it and fix any other issues you may not have understood.   You can add the fancy stuff back in later.

Add-PSSnapin Quest.Activeroles.ADManagement

$excluded=get-content c:\temp\excludeou.txt
$ous=get-content c:\temp\ou.txt | ?{$excluded -notcontains $_}

# get users by matching email address to OU
foreach($ou in $ous){
     $newParent=Get-QADObject -Type organizationalunit -Identity $ou
     Get-QADUser -Email "*$ou*" |
          Move-QADObject -NewParentContainer $newParent -whatif
}

April 18th, 2014 3:09am
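Added example, not part of either post above: it shows why the error text contains '@{CanonicalName=...}' and how -ExpandProperty yields the plain string, then builds a reviewable move plan that honours the exclusion list. The OU and user objects are constructed stand-ins and Get-MovePlan is a hypothetical helper, so it runs without Active Directory or the Quest snap-in.

```powershell
# Constructed sample data standing in for Get-QADObject / Get-QADUser results.
$ouObjects = @(
    [pscustomobject]@{ Name = 'domain1'; CanonicalName = 'domain.com/domain1' }
    [pscustomobject]@{ Name = 'domain2'; CanonicalName = 'domain.com/domain2' }
    [pscustomobject]@{ Name = 'domain3'; CanonicalName = 'domain.com/domain3' }
)
$users = @(
    [pscustomobject]@{ Name = 'User1'; Email = 'User1@domain1.com' }
    [pscustomobject]@{ Name = 'user2'; Email = 'user2@domain2.com' }
    [pscustomobject]@{ Name = 'User3'; Email = 'User3@domain3.com' }
)
$ous      = 'domain1', 'domain2', 'domain3'   # stands in for c:\temp\ou.txt
$excluded = @('domain2')                      # stands in for c:\temp\excludeou.txt

# 1. Select-Object <property> returns a new object that still wraps the value;
#    -ExpandProperty returns the value itself.
$match   = $ouObjects | Where-Object { $_.Name -like 'domain1' }
$wrapped = $match | Select-Object CanonicalName
$plain   = $match | Select-Object -ExpandProperty CanonicalName
"Wrapped: $wrapped"   # renders as @{CanonicalName=domain.com/domain1}
"Plain:   $plain"     # renders as domain.com/domain1

# 2. Hypothetical helper: decide every move first, change nothing.
function Get-MovePlan {
    param($Users, $OuObjects, [string[]]$OuNames, [string[]]$Excluded)

    foreach ($ou in ($OuNames | Where-Object { $Excluded -notcontains $_ })) {
        # Force an array so zero, one and many matches can be told apart.
        $target = @($OuObjects | Where-Object { $_.Name -eq $ou } |
            Select-Object -ExpandProperty CanonicalName)
        if ($target.Count -ne 1) {
            Write-Warning "OU name '$ou' matched $($target.Count) objects; skipping"
            continue
        }
        # Anchor on the full domain so 'domain1' cannot match 'xdomain1.com'.
        $Users | Where-Object { $_.Email -like "*@$ou.com" } | ForEach-Object {
            [pscustomobject]@{ User = $_.Name; Email = $_.Email; NewParent = $target[0] }
        }
    }
}

Get-MovePlan -Users $users -OuObjects $ouObjects -OuNames $ous -Excluded $excluded |
    Format-Table -AutoSize
```

With the sample data the plan lists User1 and User3 only, because domain2 is on the exclusion list. Reviewing such a plan serves the same purpose as the -whatif switch in the reply's script.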

This topic is archived. No further replies will be accepted.
